Are you planning to use container managed security? I supposed either way you can try what we've done - as I posted it in another thread yesterday:
It may be easier for you to extend RequestProcessor and override processRoles(...) and perform your own authorization there. I started down that road, but didn't like the effect of return false from processRoles, so we always return true and do the real role checking in our base action class (mapping.getRoleNames() gives us the value of the roles attribute) so that we can return mapping.getInputForward() when the role check fails... -- Voytek Jarnot Quidquid latine dictum sit, altum viditur. > -----Original Message----- > From: Jason Vinson [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 26, 2003 7:57 AM > To: Struts Users Mailing List > Subject: Security without the use of Servlet Filters > > > I asked a while back about implementing a security check for > session data, and some people recommended using Filter > Objects. My current project is working with the Servlet 2.2 > spec, so I don't have the option of using Filters. Someone > else mentioned overriding the Default Action that all my > pages extend, which sounds like my best option at this time. > Could anyone point me to an example of how to do this? > > TIA, > Jason > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]